API Reference

Retrieves an access token.

Unless otherwise noted, this method must be called before any any other web service function, as the Authorization header value is required to call most methods.
A successful transaction will receive a 200 status code.

POST /Token
{
"grant_type": "client_credentials",
"client_id": "{email/username}",
"client_secret": "{password}"
}

POST /Token
{
"grant_type": "refresh_token",
"refresh_token": "{refresh token}",
}

POST /Token
{
"grant_type": "authorization_code",
"code": "{authorization code}",
"resource_type": "{resource type}"
}

MFA Example
POST /Token { "mfa_method": "Email or Auth", "mfa_token": "{mfa token from challenge endpoint}", "user_token": "{user token from challenge}", "otp":"{otp received within email}", "grant_type":"mfa_otp" }
OKTA Example
POST /Token { "grant_type": "authorization_code", "code": " Access Token from okta ", "resource_type": "okta" } HTTP Status Code 400 Error Codes (error property): InvalidGrantType - Invalid grant type.

InvalidResourceType - Invalid resource type.

InvalidRequest - The request is invalid.

IdTokenInvalid - Invalid id token.

HTTP Status Code 401 Error Codes (error property):

InvalidCredentials - Invalid credentials.

AccountUnverified - User account has not been verified.

IpRestriction - User's location is restricted by IP address. The IP address of the user's current location is invalid.

PasswordExpired - Password expired. The user must change their password.

AccountDisabled - Account is disabled.

AccountLockedOut - Too many invalid login attempts. The account has been disabled.

RefreshTokenInvalid - Invalid refresh token or expired.

IdTokenInvalid - Invalid id token.

MFARequired - MFA Required. To MFA via email, call the /token/challenge (POST) endpoint to continue.
To MFA via Authenticator app, call this endpoint again (MFA Example above).

Log in to see full request history
timestatususer agent
Retrieving recent requests…
LoadingLoading…
Body Params

Information required to retrieve an access token.

string

The method of which to request a token.

string

The scope of the token being requested.

string

The client id (i.e. username) of the user requesting a token.

string

The client secret (i.e. password) of the user requesting a token.

string

A refresh token. This value is used to obtain an access token instead of the client_id and client_secret.

string

An authorization code from an external resource.

string

The type of external resource.

string

Otp code received in Email vial challenge end point or via Auth app

string

Email or Auth

string

User token/user_token retrieved via challenge end point

string

MFA Token , retrieved via Email

int32

Company Id for auto provision users Okta

Responses

Language
URL
Click Try It! to start a request and see the response here! Or choose an example:
application/json
text/json